Leaked NSA Exploits Shifting From Ransomware To Cryptocurrency Mining

from the now...-for-my-next-trick dept

Will we ever see a complete postmortem of the damage done by leaked NSA software exploits? All signs point to "no."

[M]ore than a year since Microsoft released patches that slammed the backdoor shut, almost a million computers and networks are still unpatched and vulnerable to attack.

Although WannaCry infections have slowed, hackers are still using the publicly accessible NSA exploits to infect computers to mine cryptocurrency.

This report, from Zack Whittaker at TechCrunch, says there's really no endpoint in sight for the unintended consequences of exploit hoarding. But at this point, it's really no longer the NSA or Microsoft to blame for the continued rampage. Stats from Shodan show more than 300,000 unpatched machines in the United States alone.

EternalBlue-based malware still runs rampant, but the focus has shifted from ransom to cryptocurrency. An unnamed company recently watched the NSA's exploit turn its computers into CPU ATMs.

Nobody knows that better than one major Fortune 500 multinational, which was hit by a massive WannaMine cryptocurrency mining infection just days ago.

“Our customer is a very large corporation with multiple offices around the world,” said Amit Serper, who heads the security research team at Boston-based Cybereason.

“Once their first machine was hit the malware propagated to more than 1,000 machines in a day,” he said, without naming the company.

Fun stuff. And all made possible by the US government. Sure, indirectly, but it's not like no one in the private sector ever expressed concerns about the agency's vulnerability hoarding and the possibility of exactly this sort of thing happening. The exploit the NSA thought was too good to give up was taken from it and handed over to the malware-crafting masses to inflict misery around the world. Enemies were made -- and not all of them were software and hardware developers.

There will never be a full accounting of the damage done. Yes, the NSA never thought its secret stash would go public, but that doesn't excuse its informal policy of never disclosing massive vulnerabilities until it's able to wring every last piece of intel from their deployment. And there's a chance this will happen again in the future if the agency isn't more proactive on the disclosure front. It was foolhardy to believe its tools would remain secret indefinitely. It's especially insane to believe this now.

Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: cryptocurrency, eternalblue, exploits, mining, nsa, ransomware, wannacry


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • identicon
    Anonymous Hero, 21 Sep 2018 @ 11:10am

    > Stats from Shodan show more than 300,000 unpatched machines in the United States alone.

    This is a topic in itself. In the last week or so I've been wondering how to incentivize patching. I swear, it has nothing to do with a recent update that borked my laptop's integrated camera.

    Unfortunately, the remote chance of a malware attack vs. the disruption an update can wreak is easy to make in a bubble, but with work deadlines and the rest of life in play, there's a strong incentive to stay with what works.

    Anyone have any ideas on how to incentivize patching? I mean, I'd love something like, "Every time I install updates, Microsoft will pay me $100." It's a great deal, especially because I run Linux.

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 21 Sep 2018 @ 11:33am

      Re:

      If you run Linux, run two or more machines with the same distro, and update one and check everything works before updating the other(s). That way you have a backup, in case of hardware or software failure. Also run a distro that has manual kernel installs, which allow you to keep the previous kernel and its drives available for fallback in case a kernel upgrade causes driver issues.

      link to this | view in chronology ]

      • identicon
        Lawrence D’Oliveiro, 21 Sep 2018 @ 10:44pm

        Re: If you run Linux, run two or more machines with the same dis

        It’s easy enough to do a file-level backup of the entire OS installation before an upgrade. Then if you need to, you can roll it back afterwards. Boot off a USB stick with a copy of SystemRescueCD on it, and then you can revert the regular OS install from your backup.

        rsync is a great tool for this.

        link to this | view in chronology ]

        • identicon
          Anonymous Coward, 22 Sep 2018 @ 3:54am

          Re: Re: If you run Linux, run two or more machines with the same dis

          My approach is colored a bit by running Manjaro, where an update can break things installed from the AUR. There, figuring out what is broken, and fixing it by re-installing is a better approach than a rollback. Also, synergy makes a desktop, cluster practical, by sharing the keyboard mouse and clipboard, and extra screens come in useful for reference manuals etc. while working on a project.

          link to this | view in chronology ]

          • identicon
            Lawrence D’Oliveiro, 22 Sep 2018 @ 11:14am

            Re: fixing it by re-installing is a better approach than a rollb

            But surely a rollback would be quicker than a reinstall.

            link to this | view in chronology ]

            • identicon
              Anonymous Coward, 22 Sep 2018 @ 12:33pm

              Re: Re: fixing it by re-installing is a better approach than a rollb

              Its more a case of figuring out which libraries from the AUR need rebuilding against the updated base system, and is a hazard of using the AUR. It is not difficult to do, and mainly waiting for compiles to finish.

              link to this | view in chronology ]

    • identicon
      I.T. Guy, 21 Sep 2018 @ 11:48am

      Re:

      In my 15+ years as a tech supporting widows I have yet to have a patch break a personal machine to the point of having to re-image. Not that it does not happen. In my experience I have had to rebuild many more machines due to ad/spy/virus than due to a bad patch.

      Most people don't realize it until they are paying Geek Squad 200 bucks to restore their machine.

      "incentivize patching?"
      On the other end... fines for an unpatched machine. LOL. Just kidding.

      link to this | view in chronology ]

      • identicon
        Anonymous Coward, 21 Sep 2018 @ 1:55pm

        Re: Re:

        On the other end... fines for an unpatched machine.

        It's what this story's about, right? The fine will be paid in cryptocurrency, mined by the unpatched machine.

        link to this | view in chronology ]

    • identicon
      Anonymous Coward, 21 Sep 2018 @ 1:54pm

      Re:

      Anyone have any ideas on how to incentivize patching?

      Make the chance of a malware attack less remote?

      link to this | view in chronology ]

    • identicon
      Anonymous Coward, 22 Sep 2018 @ 11:47am

      Re:

      People would get mad if Microsoft forced an update. If they don't force updates people complain that the computer is not secure.

      link to this | view in chronology ]

  • This comment has been flagged by the community. Click here to show it
    identicon
    haha hehe hoho, 21 Sep 2018 @ 11:14am

    retards

    do not respond you do your gonna get what you deserve.

    link to this | view in chronology ]

    • identicon
      I.T. Guy, 21 Sep 2018 @ 11:40am

      Re: retards

      Ooooooh... scary.

      link to this | view in chronology ]

    • identicon
      Anonymous Coward, 21 Sep 2018 @ 11:55am

      Re: retards

      I can only think of one response to this comment.

      To quote a wikipedia template:

      "This article may be incomprehensible or very hard to understand. Please help by rewording it if the intended meaning can be determined."

      link to this | view in chronology ]

  • icon
    ECA (profile), 21 Sep 2018 @ 11:38am

    VIVA LINUX

    This is so much fun..
    MS thinking that creating a Server system that can compete with an OS designed to be SERVER SOFTWARE..
    the only comment I get from Admins is that MS is easier..
    The only problem I see, is PAYING for it yearly, and expecting them to be AHEAD of hacking... And MS isnt the only one you will need, and PAY for.

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 22 Sep 2018 @ 10:52pm

      Re: VIVA LINUX

      MS thinking that creating a Server system that can compete with an OS designed to be SERVER SOFTWARE.. the only comment I get from Admins is that MS is easier.. The only problem I see, is PAYING for it yearly, and expecting them to be AHEAD of hacking... And MS isnt the only one you will need, and PAY for.

      Admins use Windows because in large deployment scenarios it is easier to manage.

      That's not to say linux hasn't had improvements in recent years, it certainly has. Actually, systemd despite being universally hated, was a step in that direction before it turned into a borg drone and started assimilating everything. Linux is still far from ready for large scale deployment however.

      One of the most basic functions that Admins take for granted in Windows is centralized configuration policies. This works under Windows regardless of version, and can be fine grained enough to only apply to the systems that actually need it. There is no equivalent functionality under linux. The best you can hope for is rsyncing /etc, but that assumes the same distro and version of said distro is used everywhere the "policy" is applied, due to config differences between versions of an application, maintainer compile time settings per application, and other distro specific changes. Case in point: Go configure an Asterisk server under Ubuntu 18.04. If you try to set the astdatadir variable in /etc/asterisk/asterisk.conf it will crash on startup due to the value being set at compile time to a non-standard directory so the maintainer could integrate their update-alternatives package. This also has the habit of breaking user defined system recordings for use with IVFs. Now, that's just one package, but it's an important thing to keep track of if you decide to rsync that package's config from another system, and as I said, it’s one package. Now imagine doing that for hundreds of packages across multiple distros.

      Another feature Admins take for granted with Windows is the ability to define wireless and VPN profiles for laptops. Once again, this is not easy to do under a standard linux distro. NetworkManager could do this, but it's API does not currently support such capability, and it's configs are non-portable between machines of different hardware configurations. NetworkManager also has a bad habit of assigning MAC addresses to profiles when activated for the first time, making any future hardware change cause the profile to be disabled and a new one made. NetworkManager also has a bad set of GUI config tools that tend not to work correctly which confuse the users. Don't get me started on dnsmasq vs. systemd-resolved vs. resolvconf either. I can't set the DNS settings in our VPN software because it will cause the connection to fail on the clients when they try to use a non-installed DNS config manager to set the config. Worse, the error message returned by the clients is flat out wrong. Because it was the client that failed to set it's DNS config, not some server error. And that's assuming you can get the wireless working to begin with....

      Now some of you may say: "Well just use puppet / some other tool!" Well there's two problems with that: 1. It costs more money. For a system that bills itself as the free alternative, having to walk into a board meeting to justify spending money on making it work the way we need it to, and to then also claim that there is a non-zero chance it will still not be up to the task afterwards is not the best move from a business perspective. Especially when Microsoft and friends will happily sell you a system that does work out of the box, and that any competent admin will know how to use, no questions asked. 2. With puppet and others you still have to sort out the distro differences yourself and there is no standard between them or the different automation solutions. Windows has the GUI included by default and a large and mostly non-fragmented user base. Which means when problems come up you have a much bigger chance of getting help, and the solutions being consistent across versions. Honestly it would have been easier just adapting Group Policy to linux where possible. Which brings me to my last point...

      Windows has the advantage because people know what to expect from it. Linux requires a lot of retooling and re-education to make it work. Both on the end user side and the admin side of things. Granted that's to be expected of moving to a new system, but the issue is: The amount of change mandated is too daunting of a task to complete in such a short amount of time. It's also not cheaper given you need to pay more than you got the system for to retrain everyone to use it and maintain it. Given the penalty for making the switch without paying upfront is a non-working system you need to conduct day-to-day operations for thousands of employees, it's no surprise that Admins are hesitant to make the jump.

      Disclaimer: I say this as someone who has tried and failed to make that jump, and paid the price for it.

      link to this | view in chronology ]

      • identicon
        Anonymous Coward, 22 Sep 2018 @ 11:50pm

        Re: Linux is still far from ready for large scale deployment how

        Your (mis)information is seriously out of date.

        link to this | view in chronology ]

      • identicon
        Anonymous Coward, 23 Sep 2018 @ 4:19am

        Re: Re: VIVA LINUX

        Admins use Windows because in large deployment scenarios it is easier to manage.

        Then why did Microsoft implemented Windows Subsystem for Linux(WSL); which is an attempt to keep selling Windows licenses to sysadmins and software developers. If Windows had the advantage, such a system would not be needed.

        link to this | view in chronology ]

    • icon
      ECA (profile), 24 Sep 2018 @ 11:22pm

      Re: VIVA LINUX

      let me say this...
      I suggested Linux, and if none else UNIX...
      Im from the old days and if nothing else a Multi tiered Signin protocall, for EACH LAYER of an online interface and OS..

      Iv been told that this is idiotic..
      Adn I say WE HAD IT IN THE PAST WHAY THE F''' DONT WE NOW..

      link to this | view in chronology ]

      • icon
        ECA (profile), 24 Sep 2018 @ 11:27pm

        Re: Re: VIVA LINUX

        And if you really want to add to this.....the automated ADMIN TYPE programs are SPIT...
        Thinking a prgram can monitor the activities of the SIGNED IN PERSON HAS SHOWN, that it STUPID...
        Letting someone be online beyond a certain TINE FRAME is F' STUPID...knowing what they are DOING IS THE ADMIN JOB...

        Someone Stealing a TERABYTE of date...IS THE ADMINS PROBLEM.

        link to this | view in chronology ]

  • icon
    Ryunosuke (profile), 21 Sep 2018 @ 1:11pm

    But back doors are still secure and can NEVER be compromised, especially when the "Good guys" have the keys, right guys?



    Guys?

    link to this | view in chronology ]

  • icon
    Anonymous Anonymous Coward (profile), 21 Sep 2018 @ 1:27pm

    Follow the Money

    I am wondering what proof we have that the NSA is not still using these exploits? For that matter, what proof do we have that the NSA isn't responsible for the Cryptocurrency Mining?

    I can imagine there are some black ops for they don't want to ask for funding in any kind of an outright way. If one wants to keep a secret, tell no one. If one must, tell one other. Funding takes more than one.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 21 Sep 2018 @ 1:33pm

    But at this point, it's really no longer the NSA or Microsoft to blame for the continued rampage.

    I disagree. Microsoft substantially contributed, over many years, to users' distrust of patching. They are not alone in this, but they are a major contributor, especially with how they abused their patch infrastructure to push Windows 10 on users who did not want it. Further, their longstanding policy that they patch only recent releases (which, by itself, is not unreasonable), combined with a series of unpopular releases that people would rather not use, makes it simply impossible for some users to get patches to the version of Windows they want to use, even if those users are willing to install patches. Look at how many people still cling to Windows XP, due in large part to problems with the later releases (bad default UI, missing drivers for legacy hardware, ...). Those people can never be patched, unless Microsoft reopens XP support (which will never happen) or releases a Windows iteration that convinces them to move forward (which, after how Microsoft handled Windows 8 and Windows 10, also seems very unlikely).

    Put all that together and you have many users who would rather run the risk of getting infected than deal with the certainty of unpleasant patches.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 21 Sep 2018 @ 3:34pm

    When each new security update simply slams the door on the old backdoor that escaped captivity, and replaces it with new ones, the damage created is endless. By design.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 21 Sep 2018 @ 3:43pm

    > Look at how many people still cling to Windows XP, due in large part to problems with the later releases (bad default UI, missing drivers for legacy hardware, ...).

    That could happily be me. I'm much less satisfied with Windows 7. I'd be happy to go all the way back to a Windows 3.1. At that stage in development the operating system was far less locked down giving the user more control over customization of OS function. It was great to learn on. Break it. Fix it. Make it better for the lessons learned.

    Today Linux is the closest experience to this.

    The road out of Windows 3.1 has been incrementally toward less useful locked down and dumbed down. Terrible from the consumer perspective. Wonderful from the profit driven perspective. Windows XP marked a line of demarcation where the user experienced was shoe-horned and stuffed full of features sufficiently annoying to users as to be willing to not path or move elsewhere.

    New iterations continue to be more annoying. I predict that trend continues. Eventually the pool of users sufficiently annoyed and eagerly looking for the new ship to jump to will see Microsoft using their market position to strangle out potential competition in the crib.

    The sort of attack we're seeing on the Linux kernal the last few weeks.

    link to this | view in chronology ]

    • icon
      Anonymous Anonymous Coward (profile), 21 Sep 2018 @ 4:10pm

      Re:

      I hear ya. Remember WordPerfect reveal codes? Tried the same thing in MS Word and was sadly disappointed. I only bring it up as it was an explicit example of MS denigrating program capabilities.

      My first personal computer was an Apple IIc. A whole 128 KB of ram and one 350 KB floppy disk drive. Had to switch between OS and program and data floppies. Used the hell out of their spreadsheet and text programs.

      Then I worked for a company that only had DOS style machines and Lotus 123, and WordPerfect (I forget the version). What I learned was how to do the things I did in Apple in dos based programs, but I learned how locked down the Apple OS was. They gave me enough to run the programs. DOS however gave a whole lot more, and as I tried, and erred, more and more and more. I learned that Apple wanted control, and DOS less. Then came Windows and the control started to disappear. Then came Linux and the control came back.

      What's next?

      link to this | view in chronology ]

      • identicon
        Lawrence D’Oliveiro, 22 Sep 2018 @ 11:16am

        Re: Remember WordPerfect reveal codes?

        No other word processor needs--or needed--the function. Because WordPerfect was just about* the only word processor in the world that used embedded formatting codes.

        *The only other one I can think of was WordStar.

        link to this | view in chronology ]

  • identicon
    Valkor, 24 Sep 2018 @ 7:23am

    This is why we can't have nice things.

    link to this | view in chronology ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.